GHSA-mrwq-x4v8-fh7p

Опубликовано: 19 июл. 2023

Источник: github

Github: Прошло ревью

CVSS4: 6.8

CVSS3: 5.5

Описание

Pygments vulnerable to ReDoS

A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer.

Ссылки

Пакеты

Наименование

Pygments

pip

Затронутые версииВерсия исправления

< 2.15.0

2.15.0

EPSS

Процентиль: 20%

0.00064

Низкий

6.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

CVE-2022-40896

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-40896

CVSS3: 5.5

ubuntu

больше 2 лет назад

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

CVE-2022-40896

CVSS3: 5.5

redhat

больше 2 лет назад

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

CVE-2022-40896

CVSS3: 5.5

nvd

больше 2 лет назад

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

CVE-2022-40896

CVSS3: 5.5

msrc

6 месяцев назад

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

CVE-2022-40896

CVSS3: 5.5

debian

больше 2 лет назад

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments ...

EPSS

Процентиль: 20%

0.00064

Низкий

6.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

CVE-2022-40896

Дефекты

CWE-434